Scam Report: Cyberattacks soar as phishing dominates

Cyberattacks were up significantly in the second quarter of 2017, with a surprising twist: global manufacturing is now the top target.

The report from NTT Security also shows that phishing is still the most popular threat: two-thirds (67 percent) of attacks came in that form.

NTT is a very large global managed security provider. Its “Global Threat Intelligence Center Quarterly Threat Intelligence Report” shows a 24 percent increase in attacks on its worldwide customer base in the period of April to June, with a third (34 percent) of all attacks targeting manufacturers.

This data is confirmed by Verizon, which claimed in the recent “Data Breach Investigations Report 2017” that phishing attacks were way up from the previous reporting period. The tactic of embedding malicious VBA, or Visual Basic for Applications, macros into documents sent via phishing emails was particularly popular.

Public-facing Microsoft SQL, or MSSQL, servers were popular targets for brute-forcing.

More than a third (37 percent) of manufacturers claimed they don’t have an incident response plan in place. Ouch.

“The motivations for these attacks are often criminal in nature, including extortion via ransomware, industrial espionage and theft of data such as account numbers,” said Jon Heimerl, manager of NTT Security’s threat intelligence communication team.

What poses an even greater problem is that when these breaches are successful, yet go undetected, they allow hackers to establish footholds in organizations’ networks where they have no restraints and wreak havoc over extended periods, Heimerl said.

See more at www.bit.ly/2vwVnTy.

Password procedures a cybersecurity fail

After the NIST passwords bombshell, we surveyed 2,600 information technology professionals to find out how they were managing passwords.

The answers show that IT pros are generally receptive to the proposed pass-phrase concept suggested by NIST.

NIST Special Publication 800-63B, “Digital Identity Guidelines,” states: “Many attacks associated with the use of passwords are not affected by password complexity and length. Keystroke logging, phishing and social engineering attacks are equally effective on lengthy, complex passwords as simple ones. This means that password complexity has failed in practice.”

KnowBe4’s survey showed that 44 percent of respondents overall, across both large organizations with 1,000+ employees and small to midsize businesses, think a roughly 25-character pass phrase could work, versus 35 percent who don’t believe it to be a viable option for their organization.